We accompany you throughout the whole process

Through all phases of our certification process, we offer individual consulting services regarding the implementation of PCI PA-DSS requirements. Our services include, for example, consulting on how to achieve compliance quickly and efficiently, reduce the audit scope, assess technical and organisational measures, support in creating required concepts, solutions or processes, as well as Security Awareness Training for employees.

Anna-Magdalena Kohl, PCI Professional & Sales

Your Certification Process

Our PCI PA-DSS security audits are based on the requirements of the PCI Security Standards Council and are structured into the following phases:

During the course of a PCI PA-DSS Scope Workshop we introduce you to the contents of the PCI PA-DSS. While doing so, we discuss the applicability of the individual PCI PA-DSS requirements with you, define the audit scope and determine the next steps to be taken to achieve PCI PA-DSS compliance together.

We verify compliance with the requirements of the PCI PA-DSS during a Gap Analysis to prepare you optimally for the final certification. This enables you to detect existing deviations in applications as well as development, testing, deployment and support processes at an early stage, and to correct them before the official PCI PA-DSS certification takes place. In addition, we offer to perform a security analysis of the application in the form of a Penetration Test as well as a Secure Coding Training for software developers and quality engineers as required by the PCI PA-DSS.

The PCI PA-DSS certification consists of an On-Site Audit performed by a usd auditor. We specify the actual test scope and the testing procedure in advance together with you. The audit is a formal assessment process to validate your implementation of the PCI PA-DSS requirements. We document the results of the on-site audit including recommended corrective action, if required. You then have the opportunity to correct existing deviations from PCI PA-DSS requirements. Subsequently, we perform a selective follow-up test (re-testing). Simultaneously, we issue the official audit report. After the report has been approved by you, we forward it to the PCI Council for review. Following successful confirmation of compliance, we will issue a PCI PA-DSS certificate and a seal of approval for you to use on your own website.

Following the successful PCI PA-DSS certification, we will support you in maintaining compliance by performing Quarterly Workshops. We will discuss PCI PA-DSS-relevant changes within your company as well as changes to the security standard itself with you and suggest measures to maintain PCI PA-DSS compliance.

Changes to certified software can be assessed and published through a re-certification process. During this process, one of our auditors assesses the relevant software changes and conducts an adjusted re-certification process. The auditor then forwards the results to the PCI Council. We support you with re-certifying all types of changes according to the PCI PA-DSS Program Guide (High Impact, Low Impact, No Impact, Administrative). New software versions can therefore be re-certified and submitted to the PCI Council for listing at calculable cost.

For detailed information on our approach and in-depth descriptions of our consultation and certification services for software vendors, please download: